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REMARKS 

In the Response to Argmaettt, on page 3, the Examiner* s Answer traverses Ajjpellants* 
position that "Authentication of DHCP Messages" to Droixis et al. (hereinafter Droms), fails to 
disclose ^'detecting an unauthorized dynamic host configuration server in accordance with 
server identification data within the configuration offer messages," Supporting this traversal^ the 
Answer describes the shared-token approach of "Protocol 0" wilii no discussion of the manner in 
which "server identification data" is used in the authesotication process. The Answer also 
alludes to *Trotocol 1," ej^laining "... the server replies with a DHCPOFFER message that 
includes authentication infomiation, including entity aufhentication information/' Appellants 
agree that both Drams *s Protocol 0 and Protocol 1 utilize authentication information in the offer 
message to authenticate or "authorize" the server. Appellants wge, howevetj that the "server 
identification data" feature expressly added by Amendment, while arguably a subset of» is clearly 
not an equivalent in scope to^ "auflientication data" in general. Information used to authorize or 
authenticate may or may not include information that identifies aix entity. Droms's disclosure 
naakes it clear that neither Protocol 0 nor Protocol 1 utilize server identification data for 
authentication purposes* *Trotocol 1" uses an encrypted message authentication code and not 
server identification data to authenticate the server as well as authenticating the message. (See 
Droms paragraph 4, page 4, explaining, the dieot requests authentication in its 
DHCPDISCOVER message and the server replies with a DHCPOFFER message that inchides 
authentication information. ' This authentication information contains an encrypted value 
generated by the source as a message authentication code (MAO to provide message 
authentication and entity authentication." (Enxpliasis added). "Protocol 0" depicted in section 3^ 
pg. 3- pg. 4, utilizes an "opaque, unencoded" authentication token that, is known (i.e. pre- 
specified) to both the cHent and server and that provides mutual authenticatioiL Droms's 
disclosure provides no indication that the token contains data that identifies either the client or 
server. 

In Amendment A, Appellants specified '^server identification data" as the particular type 
of data used to authorize the DHCP server consistent with the aim of the invention to provide a 
one-sided checker client fimctionality that can be plugged into a DHCP system without having to 
alter the legacy DHCP system. Appellants' use of server identification data is in contrast to the 
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authentication data used in hoihDroTns^s Protocol 0 and Protocol 1 that each require two-sided 
(client and server) compatibility. 

With continued reference to the "server identification data" feature. Appellants agree that 
prior art DHCJPOFFER messages may include data, such as an P address, that may be 
reasonably interpreted as "server identification data." Appellants contend, however, that the 
inclusion of server identification data in the DHCPOFFER message does not compel a 
conclusion, as suggested by the Answer, that said server identification data is necessarily utilized 
for server authentication. An example of a non-aufhentication use of the IP address is that it may 
be used to provide the recipient client the means to establish communications with Ae offering 
server. As estplained above, Droms's disclosure indicates that neither "the 'Tiotocoi 0" nor the 
'Trotocol 1" technique utilizes an IP address or any other server identification data to 
authenticate the offering server. 

Relating to the same claim, element, the Answer mischaracterizes Appellants' contentions 
relating to the rejections of the claims. Specifically, the Answer asserts that Appellants* 
arguments relv on the server identification data being an IP address. In fact, Appellants 
undertake no such reliance and instead, referring to page 7 of the Appeal Brief, allude to the 
support in the Specification providing an exemplary characterization of "server identification 
data,** which must be construed most broadly consistent with the Specdfication. The Answer 
points out that the prior art references disclose that DHCP messages includes the sender's IP 
address. Appellants agree that supplying server identification data, in the jSran of an IP address 
or otherwise, is known and inherent in disclosures relating to DHCP messages as well a$ most 
other IP traffic. However, Appellants again urge that the presence of server identification data in 
a DHCP offer message does not compel an inference that this data is utilized in any particular 
authentication routine such as the "Prx^tocol 0" or '"Protocol 1" routines disclosed hy Droms. 

On page 4, the Examiner's Answer again mischaracterizes Appellants' contentions 
regarding the claim elements, asserting Appellants rely on a "server checker cheat" not 
mentioned in tibie claim language, and implying that Appellants have improperly limited such a 
client to being hardware rather than a program. Appellants have undertaken no unwarranted 
reliance nor have limited the meaning of "server checker client" to hardware rather than program 
instructions. Appellants do not rely on the label "server checker client" per se. Instead, and as 

llEPLY BRIEF 
Docket No. ER9-1999-01 lOUSl 
Page 3 of? 



PAGE 4/8*RCVDAT1im511:15:49 AM [Eastern StandardM^ 



NOV/02/2005/WE& 09: 59" AM DILLON & YUDELL, LLP 



FAX No. 5123^36446 



P. 005 



clearly explained on page 8 of flie Appeal Brief; the functional characterization imputed to the 
**server checker cheat" (described broadly therein by Appellants as a 'logical entity") is required 
by the claim language . Namely, the logical entity, referred to as the "servear cliecker client," tihiat 
unicasts configurations requests to disable the detected unauthorized DHC server fix)m 
responding to configuration requests from network clients is the same client (logically but not 
necessarily physically distinct) that performs the broadcasting, receiving, and detecting steps as 
e^rpxessly required by the preceding claim elements. The characterization of the server checker 
client as the logical entity that performs the broadcasting, receiving, and detecting steps is a 
substantive and significant characterization of the *'umcasting" step given that. Appellants 
invention is designed to employ a logically (and possibly physically) discrete server checker 
client such that the legacy DHCP network components and protocols may remain unchanged. 

While claims terms must be given their broadest reasonable interpretation consistent with 
the specification, the Answer's definition of "server checker client" as being *teerely a program 
running on a workstation" improperly deviates &om the express and unambiguous claim 
language itself. 

The fourth element of Claim 1 (and similarly for Claims 14 and 27) recites, in part, 
*Vesponsive to said detecting step, unicastiLog host configuration requests &om said server 
checker client to said unauthorized dynamic cordSguration server..." to addition to the foregoing 
misinterpretation of the server checker client as meaning any client or workstation^ on pages 4 
and 5, the Answer fails to properly address at least two key limitations in this element. First, 
Appellants have repeatedly urged that the express limitation that the unicasting step be 
performed in response to detecting the unauthorized DHC server is a key feature that is absent 
from any of the cited references either individuaUy or in combination. 

On page 5, the Answer defines ^'unicasting" and proceeds to incorrectly conclude that 
U.S. Pat. No. 5,884,024, issued to Lim (hereinafter Lim) discloses unicasting host configuration 
requests from tiie client to the unauthorized DHCP server. Also on page 5, the Answer further 
incorrectly asserts that Lim states that using a single client to obtain all IP address leases fix>m a 
DHCP server, other clients are blocked firom access to the IP addresses, therebv preventing 
clients fiom receiving false configuration information and becoming victims of denial of service 
or man in the middle attacks . In feet, Lim describes an "IP address hogging attack" by one client 

REPLY BIGEF 
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against one or more other clients and does not state anything about any potentially beneficial 
ramification, whether it be silencing an unauthorized sexvet or otherwise, of such an "attack/* 
Rather than teaching unicastitig configuration requests to "silence" an unauthorized server, Lim 's 
non-e5q>ress but arguably inherent disclosure of unicasting host configuration requests to a server 
covers only the incidental and contextually undesired disabling of a DHCP server resulting from 
the IP address hogging. The disclosure of Droms is limited to authentication/authorization and 
contains no disclosure or suggestion whatsoever relating to any method for disabling a server 
found to be unauthorized. Neither Droms nor Lim, individually or in combination, relate to 
dehberately disabling DHCP servers and therefore neither provides a suggestion or motivation to 
combine what is described as a client-to-client attack by Lim as a response to detecting a non- 
authenticated DHCP server as shown in Droms. 

The second limitation of the foregoing unicasting element not properly addressed by the 
Answer again relates to the characterization of the "server checker client" as being the same 
logical entity that perfoimis the broadcasfingj receiving, and detecting steps as explained above. 

On page 6, the Answer appears to shift the grounds for rejecting claims 8, 21, and 34 
fixxtn Droms to disclosure by Zzm, and incorrecdy asserts that Appellants' axgnments for 
overcoming the prior art rely on the absence of disclosure of a "sorvcr table." The Claim 
elemetxt in question recites, in part, **wherein said checker client includes a server table having a 
list of authorized dynamic host configuration servers, and wherein said step of detecting an 
unauthorized dynamic host configuration server fiirfher comprises compaiing a serv^ identifier 
included in each configuration ofiSar message with authorized server identification data in the 
server table." Ai>pellants agree that in. FIG. 6 and ooL 6, line 55 through col. 7, line 20, Lim 
discloses a trusted identifier database 318. Appellants note, however, that database 31 8 does not 
maintain any list of authorized DHCP servers. Instead, as explained at ooL 6, lines 2-6, col, 7, 
lines 9-14 and lines 31-39, the '^trusted identifiers" maintained by database 318 are data objects 
that identify a relay agent (e.g. cable modems) associated with a single client system. Appellants 
fiirther note that none of the references, either individually or in any combination, disclose 
"compaiiog a server identifier included in each configuration offer message with authorized 
server identification data in tJxe server table" to detect an unauthorized server, 
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Appellants have clearly shown that the combination of DaizOy Droms.^ and Lim neither 
contemplates nor suggests the proposed invention recited in Appellants* claims, and for those 
reasons, Examiner's rejection of Appellants' claims is not well founded and should be reversed. 
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CONCLUSION 

Appeilarrts liave again pointed out with, specificity the manifest eixor in the Examiner's 
rejections, and the claim language -which renders the invention patentable over the reference- 
Appellants, therefore, respectfully request that Qxe present rejections be reversed. 



Respectfully submitted. 
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